Posted by Soulskill on Thursday November 05, 2009 @09:39AM
from the just-getting-warmed-up dept.

FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'"

TFA has an addendum that basically says the congressman that introduced the provision didn't understand the implications of what he wrote, and is planning on revising it based on input from the industry.

I know I'm not the only one who FREAKING HATES the idea of bureaucrats making decisions on this shit about which they have NO IDEA what they are talking about.

Argh, I know it's happened and will happen for years, but I hate hate hate it. They need to make a board of legitimate professionals in the industry who know WTF they are talking about to come up with any regulations that might be made.

I don't think you have a proper understanding of what a bureaucrat is. A congressman is not a bureaucrat. A bureaucrat is a member of the treasury department (and the treasury wisely included no such provision as this in their bill.)

A bureaucrat is also a member of ICANN or the FCC, the former of which has regulated the Internet so well that most people aren't even aware of its regulatory authority. The latter has demonstrated such a thoughtful and intelligent understanding of the issues at play that the ISPs have tried to smash the FCC down before it manages to rein in the ISPs' flagrant abuses of power.

Bureaucrats who have no idea what they're talking about are terrible things. However, if you look around you'll find most bureaucrats know exactly what they're talking about. It's the politicians you need to watch out for.

Yes - but - bureaucrats are as prone to those "unintended consequences" as anyone.

That can be said of any profession, in particular software development/engineering. Besides the statement being an oxymoron (an adjective I'm applying to this specific statement of yours, not you), it is non sequitur. It doesn't follow from FlyingBishop's post, nor counters the fact that politics =/= bureaucrats (and that /.ters don't seem to know the difference.) Kinda like "computer people" and "non-techies", nebulous or incorrect usage of nouns and titles really digs into a statement's logical validity.

And once a pack of bureaucrats adopt a measure, or a method, they are harder to change than the politicians.

I refer to a bureaucrat in this case as someone who is a narrow minded administrator of the bureaucracy that is the United States legal system, which is a perfectly valid definition and can be applied to a politician.

In this case, I also specified him as a bureaucrat who has no idea what he is talking about. The examples you gave would be bureaucrats who do, indeed, know what they are talking about :).

So, I would counter that it is you, sir, who does not completely understand the definition of a bure

Pick someone at random and let them run the country until they resign. If they are sufficiently incompetent, shoot them. If they resign without being shot, give them a large pension, proportional to how well they did their job and how long they lasted in office.

I was just thinking it won't be long before the interpretation of the term fraud site is twisted into something else.
We all know how the government handles the interpretation of laws. Just look at the tax code.

We all know how the government handles the interpretation of laws. Just look at the tax code.

...I'm not sure how this is relevant to the rest of your argument. The tax code is quite complicated, but if you take the time to read it, it is blatantly biased in favor of the extremely wealthy and of corporate entities. But that's not interpretation. That's the law, as it's written.

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software). See it like a seatbelt (I know the seatbelt is required by law in some countries but in this case it doesn't kill you to not use it) which you can switch on and off. This would be an excellent example of the government aiding the public instead of dictating the public. Those of us who know what we're getting ourselves into when we turn it off or never install it can choose freely, and those who don't bother to learn can fall back on this solution -- free to anytime educate themselves and turn it off. This way the government offers a safe choice (with whatever blocked content, be it copyright infringement or not) yet is liberal enough to let you decide in the end. If you get "hurt", then you're to blame for deliberately turning it off while being uninformed. And the rest of us get to keep the net undictated. At the end of the day the friction is between people who know what they're doing and want to be free to do what they consider to be the best way to utilize the net, and those who don't know what they're doing that are in need of this type of protection.

Won't be long before "fraud sites" = "copyright infringement" sites. Who is behind this?

You know, an easy and proper way to handle this would be to have a governmental entity maintain a blocklist which ordinary citizens can optionally install/use/turn on/turn off (with some easy to use software).

Hahahaha! Have you ever used government software? I have. It is anything but easy to use and provides virtually no feedback when it's doing something.

Instead of a law, people should just be using the software that already exists. Spybot is very good at adding hosts entries to your system and it's updated constantly. Install that, keep it updated, and you should be fine. If some other company comes up with a better solution, people will use that instead. We don't need a law for this and we most certai

What I do see a problem with is the jump to conclusion that a given web site is bad in some way, whether that be copyright infringement, scammer fraud, or other bad stuff, without the appropriate due diligence and due process, and including fair use consideration. I see a problem in mandating particular kinds of blocking mechanisms that have collateral damage. I see a problem in requiring the ISPs to take on all the costs (which means custom

Actually I was just excited at the chance to use an internet meme before someone else did. I was going more for a facetious/sarcastic thing. And to maybe make a point that you can abuse that phrase to dissuade people from outlawing almost anything. For example, "When they came for the rapists, I did not speak up because I was not a rapist." But in the end, it's probably best to forget that I said anything!

Bad. As you said, slippery slope. More likely than all-out censorship: false positives. Oops. hormel.com is on the SPAM list now. Pay $$$ and apply the following forms in triplicate to be removed from the list.

The congress person himself admits this implementation is flawed. It will be pulled back and worked on more.

On the subject of mission creep, the reason why this is a slippery slope fallacy is that the problems aren't actually linear. This doesn't require framework to push through legislation about blocking copyright infringing IPs/websites/whatever. The reason we see them as linear is we see certain things to be worse than other things. In reality, each is its own issue within itself.

Well I for one am extremely happy with this bill, and all the previous actions of Clinton, Bush, and Obama.

Their ever-increasingly central control via government of private citizens' lives, homes, and communications will make it MUCH easier for me. I and my brownshirts will be able to sweep-in to the Congress, declare emergency powers, turn-off the communication networks, and consolidate power with ease. Thank you Bill, George and Barack.

You realize that the "censorship" is disabled by default, right? That you have to specifically enable the "Hate/Discrimination" filter before it will filter anything? It's not censorship if you voluntarily enable it.

Furthermore, you realize that the "hate/discrimination" tags are user-submitted, and can be out-voted by other users, right?

This is how European-style web-blocking will come to the US?... I give it

Why don't they just arrest the scammers? Are they in Nigeria and Nigeria won't turn them over? Why don't we send agents abroad to bring them here? Didn't stop us from doing it in Italy to a guy suspected of being a member of Al Qaeda...

While you are going for teh funnay, why not instead insist that any government related site run on a .gov domain? It's not like domains cost anything, and it would be fairly obvious if you weren't at a government site. Example - what's the site that you can get free credit reports from that is associated with the FTC? annualcreditreport.com, freecreditreport.com, checkyourcredit.com? Why shouldn't it be creditreport.ftc.gov?

Unfortunately, a lot of people don't understand that "the internet is not .com". I run a couple of web sites for organizations, and I have to get the .com as well as the .org for any domains, because 20-30% of visitors come to the .com one, and if I don't snag the .com immediately I'll get complaints that the organization I support is a front for porn or ad sites.

I once tried to give out a .org address to someone, and they asked (I am not making this up), "so that's xyz dot org dot com?" - I finally gave up and made it a habit to grab the .org AND .com for any org I set up.

PS: annualcreditreport.gov does work. It redirects to the FTC, which has links to annualcreditreport.com. Annualcreditreport.com is a non-Governmental organization, set up in response to demands from the government that consumers get annual free access to their credit reports. So giving them a .gov URL would be inappropriate.

Freecreditreport.com, on the other hand, belongs to consumerinfo.com, and is a pay-for site that is desperately trying to pretend to be the FTC-mandated free credit check service, but is in fact a "free trial with automatic renewal at $15 a month after seven days" service. As with many such services, good luck canceling it before you get whacked $15 a month for the rest of your life.

And, of course, you can't stop such a service by non-payment. I mean, after all, it's run by Experian. Imagine what your credit report would look like if you tried to stop a payment to a credit reporting agency. Might as well slash your wrists now and save the agony.

Unfortunately, a lot of people don't understand that "the internet is not .com".

These people will become enlightened once the rest of us stop coddling them.

Annualcreditreport.com is a non-Governmental organization, set up in response to demands from the government that consumers get annual free access to their credit reports.

Wherein lies the problem. It should have been a governmental organization. Then again, the entire process of credit reporting needs much heavier regulation than it currently receives. We would not see nearly the problems with identity theft and blatantly-wrong, willfully-uncorrected credit report details if the government were managing the process.

It will not, as long as both registrars and SSL providers will register ANYTHING. And they will. I got an email recently directing me to something like citibank-online.com. If you can register that and not have anything to do with CitiBank itself, you have pretty much a blank check to defraud people. And there is no part of "common sense" that will help people.

Because citibank-online.com is a perfectly valid domain and could certainly have SSL. I will bet there will be an EV SSL provider that would sel

In your example, it's clearly a trademark violation so Citibank has the right to use the normal procedures that get used when a DNS name violates their trademark and either get the domain name shut down (i.e. removed from the DNS) or handed over to Citibank.

What effort did the representatives make to be educated? It was the push to make it the responsibility of others to force knowledge on representatives that left the US with the current lobbying problem. The sequence should be as follows:

Yes, it would. In order to send an email from "FDIC.gov" they would have to hijack an account at FDIC.gov. This allows you to quickly trace back the problem.

With both Domain Keys, and SPF, you can specify which servers are "authorized" to send for your domain (or have a signed key) and mail relayed from other servers will show up as invalid, and be discarded or dumped to your spam box.

Basically, the scammer/spammer would have to target the people they want to spoof first, instead of sending their legion of

First it will be fraud sites. Then alleged copyright infringers. Then alleged porn peddlers. Then alleged left wing/right wing propagandists. Then any site deemed to be detrimental to the well-being of the Homeland.

And before you know it, the commercialization of the World Wide Web (at least from the viewpoint of a US citizen) will be complete.

I disagree. The anti-piracy group has a much larger bribe/payola budget than the conservative christian groups.

Now, maybe kiddie porn will go before piracy, because "think of the chilluns" can always get a bill passed and they'll have some precedents to make an anti-piracy one easy to pa$$ after that. But regular consenting-adult porn will be pretty far down the list of priorities because there's not as much immediate profit in it.

Just pass a law saying the ISPs must block all spam, problem solved. Next, they should make them block all viruses as well. Wow, I never thought it would be this easy. Block any discussion of terrorist acts as well, and all pictures of ugly women.

Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages caused thereby, [emphasis mine] including damages suffered by the SIPC, if the Internet service provider...is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation.

Dude, if we could get the ISPs to pay us for everything that ever goes wrong on the Internet, think of how much money we could make!

On a serious note, I think that section is aimed at web hosting companies that know they are serving fraudulent sites - how is my local telco going to be "aware of facts or circumstances from which it is apparent that the material contains a misrepresentation" if all they are doing is serving me packets that I have requested from some random web site?

It's been clear for some time now that it was only a matter of time before the feds began forcing ISP's to block controversial sites (probably with about as much "proof" of wrongdoing as we see in the infamous DMCA takedown notices). It's sad that the days of simply typing in www.thepiratebay.org or even a lot of legitimate sites' URL's and having the site just pop up are coming to an end. From now on out, it's going to be a constant fight between users and their ISP's, with the RIAA/MPAA exclusively deciding which sites we can see or not see. Of course, we /. clever types can find ways around it, but again, it will be a constant fight from now on (like homebrew on a console or jailbreaking an iPhone, it will be a constant state of we-figure-out-a-new-workaround-they-find-a-way-to-block-it). What a shame.

You are close, but not quite there. The days of Freedom are finally ending... the Gov't is intruding into every aspect of our lives, telling us what we should eat, what we should drive, cameras are popping up everywhere, and we allowed them to do it to us.

I agree, lets just figure out which halcyon days we want to get to:
90s: No, the brady bill and the copyright fiascos
80s: The war on drugs
70s: Vietnam Draft, Opec Embargo and the government muscle moving into that, Kent State shootings
60s: Vietnam, Civil Rights Abuses
50s: Red Scare, McCarthyism

You know, I'm having a hard time finding just when things were great. Maybe we need to revoke universal suffrage and reinstitute the alien and sedition acts?

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

Looking at the wording of the law, I think the idea was to make the scammer's own ISP liable, not every ISP in the country. But that's not what it says; the law ends up covering every ISP from the scammer to the customer, including transit providers. Hopefully this thing will get killed.

If Congressmen can't even be bothered to read the bills on which they vote, we have little hope of common sense prevailing.

Now I don't suggest we have a domain for everything, but ".bank" sounds like a good idea and something useful for that particular industry. Much like you need to be an educational institution to use .EDU or a government entity for .GOV, why not allow only properly registered banks to use a .bank domain, with some checks to ensure they're not scammy duplicates.

After a year or two, anything not using the ".bank" domain should hopefully raise enough suspicion to become fairly obvious as a scam.

Someone please mod that guy up! We do indeed need a .bank domain. Well, I don't since I just use the telephone, but most people these days do in fact bank online. A .bank domain would actually be effective, unlike this legislation.

Then make .bank.us and .bank.uk and so on. Each country has a set of codes that define whether an organisation is a bank, and if it is it has to pay some fees to cover the cost of being regulated as such. This is why PayPal consistently tries to make sure that it is not classified as a bank. One nice side effect of this system would be that PayPal would have to either not get a .bank.us address (in which case customers might wonder why) or would have to be regulated as a bank (in which case they wouldn't

This clearly violates common-carrier protection, and would require complete monitoring of web-traffic. The idea is, of course, well-intentioned (stop financial scams) - but the actual effects of such a poorly thought-out law would be horrendous. Sort of like the DMCA, Patriot Act and all the other well-intentioned idiocy that has become law.

approach to fighting phishing. His idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Phishers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate Internet uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop phishing for two weeks and then we'll be stuck with it
( ) Users of the Internet will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many Internet users cannot afford to lose business or alienate potential employers
( ) Phishers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of phishing
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with phishers
( ) Dishonesty on the part of phishers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Finally... the "censorship" tag is applied in a 100% appropriate context, and not because a corporation refuses to publish apps or something...

Yes, this is probably a troll - but the sentiment is a valid one. It's frustrating how often people get up in arms about "censorship" from various corporations where they sign up for/agree to the terms in the first place -- kind of waters down the meaning of the term.

The notion that freedom must masquerade as anarchy is stupid and destructive. There is absolutely no reason why ISPs, registrars, etc should be allowed to serve/host known scam sites or CnC servers.

The governments of the world should land on these scammers like an 800lb gorilla. The whole "ZOMG THEN PIRATE BAY IS NEXT" hysteria is overdone and only serves to provide cover for extremely bad actors to get away with murder online. Botnets should not exist--period.

Today, it's 'fraud' sites, next it's KP... then the next TPB, then anything that the administration in charge at the time doesn't like at the time. ( like a site that supports free speech, or disagrees with them )

Why doesn't the federal Government use the UDRP to just seize the domains? If they're posing as the government, that should be a quick slam-dunk court case, and then the government just takes it to ICANN who forces their registrar to transfer to ownership:

I know it's not as simple as that, but once the ball is rolling it should stop them as appealing method of scamming. Plus, it's "the right way" to get it done without passing any new law that can be abused. Enabling any sort of China-like-firewall-filter is a *bad idea*.

Are you high? The DMCA started with the best of intentions. Now it is used to stifle people criticism and control content. I can only assume you are some kind of troll, because you surely realize that as soon as you start blanketing one corner of the internet with "fraud protection", you move to "counterfeit assurance" and then "piracy control" until you finally get to "free speech countermeasures". If this is the internet you want, please, set up your own intranet and leave the rest of us out of it. I'll take the scammers any day over oppression.

Exactly, or simply a redirect to a "safe page" containing a warning with a link to the site you're trying to access. Maybe a government backed blacklist of sites to have ISP's redirect off of.

Warning!

The site [url] has been known to host scam/phishing web pages. Pages on this site may appear legitimate but may in fact be fakes. These fakes have been known to steal your personal and/or banking information.

If you click the link below you will be taken to the site you were trying to reach. Visit at your ow

The thing about that slippery slope is that they already could do that without this framework in place. It's not a linear progression of ideas just because you think one thing is worse than the other. There is no slope.

Not immediately, but I could see a creep in that direction. This law appears relatively narrow in its focus (only related to SIPC fraud), but mind-bogglingly wide in its scope (Any Internet service provider that... transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages...)
I think Obama would target Fox News before the GOP though.

The problem is, it isn't common sense. If I can register a domain like citibank-online.com or similar things using real, trademarked names common sense almost doesn't apply anymore. A web site can get an SSL certificate for citibank-online.com from some places as well.

The folks that should be preventing this have seriously dropped the ball. We have registrars which will register anything and SSL providers which will generate a certificate for anything. We just recently went through the whole "extended va